Mixup Training for Generative Models to Defend Membership Inference Attacks

IEEE INFOCOM 2023 - IEEE Conference on Computer Communications Pub Date : 2023-05-17 DOI:10.1109/INFOCOM53939.2023.10229036

Zhe Ji, Qiansiqi Hu, Liyao Xiang, Chenghu Zhou

{"title":"Mixup Training for Generative Models to Defend Membership Inference Attacks","authors":"Zhe Ji, Qiansiqi Hu, Liyao Xiang, Chenghu Zhou","doi":"10.1109/INFOCOM53939.2023.10229036","DOIUrl":null,"url":null,"abstract":"With the popularity of machine learning, it has been a growing concern on the trained model revealing the private information of the training data. Membership inference attack (MIA) poses one of the threats by inferring whether a given sample participates in the training of the target model. Although MIA has been widely studied for discriminative models, for generative models, neither it nor its defense is extensively investigated. In this work, we propose a mixup training method for generative adversarial networks (GANs) as a defense against MIAs. Specifically, the original training data is replaced with their interpolations so that GANs would never overfit the original data. The intriguing part is an analysis from the hypothesis test perspective to theoretically prove our method could mitigate the AUC of the strongest likelihood ratio attack. Experimental results support that mixup training successfully defends the state-of-the-art MIAs for generative models, yet without model performance degradation or any additional training efforts, showing great promise to be deployed in practice.","PeriodicalId":387707,"journal":{"name":"IEEE INFOCOM 2023 - IEEE Conference on Computer Communications","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE INFOCOM 2023 - IEEE Conference on Computer Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFOCOM53939.2023.10229036","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

With the popularity of machine learning, it has been a growing concern on the trained model revealing the private information of the training data. Membership inference attack (MIA) poses one of the threats by inferring whether a given sample participates in the training of the target model. Although MIA has been widely studied for discriminative models, for generative models, neither it nor its defense is extensively investigated. In this work, we propose a mixup training method for generative adversarial networks (GANs) as a defense against MIAs. Specifically, the original training data is replaced with their interpolations so that GANs would never overfit the original data. The intriguing part is an analysis from the hypothesis test perspective to theoretically prove our method could mitigate the AUC of the strongest likelihood ratio attack. Experimental results support that mixup training successfully defends the state-of-the-art MIAs for generative models, yet without model performance degradation or any additional training efforts, showing great promise to be deployed in practice.

查看原文本刊更多论文

防范隶属推理攻击的生成模型混合训练

随着机器学习的普及，训练模型暴露训练数据私有信息的问题日益受到关注。隶属推理攻击(MIA)通过推断给定样本是否参与目标模型的训练而构成威胁之一。尽管MIA在判别模型中得到了广泛的研究，但在生成模型中，它及其防御都没有得到广泛的研究。在这项工作中，我们提出了一种用于生成对抗网络(gan)的混合训练方法，作为对mia的防御。具体来说，原始训练数据被替换为它们的插值，这样gan就不会过拟合原始数据。有趣的是从假设检验的角度进行分析，从理论上证明我们的方法可以减轻最强似然比攻击的AUC。实验结果支持混合训练成功地为生成模型保护了最先进的MIAs，但没有模型性能下降或任何额外的训练努力，显示出在实践中部署的巨大希望。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE INFOCOM 2023 - IEEE Conference on Computer Communications

自引率

0.00%

发文量